CTEP/IPS Threat Content Update Release Notes 100.0.0.283

The following signatures were deployed on 17 January 2023 with this IPS content release:

  • Signatures added: 164
  • Signatures modified: 04
  • Signatures removed: 04
Signatures Added
SID | Description | Reference
150188 | MALWARE-CNC github.Bloodhound.Download traffic detected | No Reference
150189 | MALWARE-CNC github.Winpeas.Download traffic detected | No Reference
150190 | MALWARE-CNC Shellsting.Beacon traffic detected | No Reference
150191 | MALWARE-CNC Shellsting.Beacon traffic detected | No Reference
150192 | MALWARE-CNC Shellsting.Payload traffic detected | No Reference
150282 | MALWARE-CNC Command and Control – HIDDENVALUE C2 Beacon Variant2 detected | No Reference
150284 | MALWARE-CNC Command and Control – HALFSHELL C2 Beacon detected | No Reference
150285 | MALWARE-CNC Command and Control – APT30 BACKSPACE C2 Communication Variant3 Detected | No Reference
150286 | MALWARE-CNC Command and Control – LOKIBOT C2 Communication Variant3 detected | No Reference
150287 | MALWARE-CNC Command and Control – MAZE C2 Beacon Variant2 detected | No Reference
150288 | MALWARE-CNC Command and Control – CRYPTOWALL Beacon detected | No Reference
150503 | MALWARE-CNC Redisland.C2 traffic detected | No Reference
150509 | MALWARE-CNC Armageddon.Weirdbird.Exfiltration detected | No Reference
150510 | MALWARE-CNC Chepro.C2.Beacon traffic detected | No Reference
150511 | MALWARE-CNC APT29.Get.Request traffic detected | No Reference
150512 | MALWARE-CNC Lockload.C2 traffic detected | No Reference
150513 | MALWARE-CNC Lockload.C2 traffic detected | No Reference
150514 | MALWARE-CNC Lockload.C2 traffic detected | No Reference
150515 | MALWARE-CNC Lockload.C2 traffic detected | No Reference
150516 | MALWARE-CNC Lockload.C2 traffic detected | No Reference
150517 | MALWARE-CNC Matanbuchus.C2 traffic detected | No Reference
150518 | MALWARE-CNC Matanbuchus.Exfiltration.C2 traffic detected | No Reference
150519 | MALWARE-CNC UNC3443.Emotet.Download traffic detected | No Reference
150520 | MALWARE-CNC UNC3443.Emotet.Download traffic detected | No Reference
150521 | MALWARE-CNC UNC3443.Emotet.Download traffic detected | No Reference
150522 | MALWARE-CNC UNC3443.Emotet.Download traffic detected | No Reference
150523 | MALWARE-CNC UNC3443.Emotet.Beacon traffic detected | No Reference
150524 | MALWARE-CNC UNC3443.Emotet.Beacon traffic detected | No Reference
150525 | MALWARE-CNC curl.privesc.download traffic detected | No Reference
150526 | MALWARE-CNC Koadic.C2 traffic detected | No Reference
150527 | MALWARE-CNC Evora.C2 traffic detected | No Reference
150528 | MALWARE-CNC Armageddon.Playdate.C2.Beacon detected | No Reference
150529 | MALWARE-CNC Doublepipe.C2 traffic detected | No Reference
150530 | MALWARE-CNC Pearldown.C2.Get detected | No Reference
150531 | MALWARE-CNC Pearldown.C2.Get detected | No Reference
150532 | MALWARE-CNC UNC3840.Fruitbird.C2.Beacon detected | No Reference
150533 | MALWARE-CNC Kwampires.C2 detected | No Reference
150534 | MALWARE-CNC UNC3443.Emotet.C2 detected | No Reference
150535 | MALWARE-CNC UNC3443.Emotet.C2 detected | No Reference
150546 | MALWARE-CNC Sevenminus.Initial.Checkin variant detected | No Reference
150547 | MALWARE-CNC Armedcloud.C2 traffic detected | No Reference
150548 | MALWARE-CNC Psixbot.DoH.Tunneling traffic detected | No Reference
150549 | MALWARE-CNC Trevor.Generic.C2 instruction retrieval traffic detected | No Reference
150551 | MALWARE-CNC Servu.C2 traffic detected | No Reference
150552 | MALWARE-CNC PutterPanda.HTTPBeacon C2 traffic detected | No Reference
150553 | MALWARE-CNC Valefor.C2 beacon traffic detected | No Reference
150554 | MALWARE-CNC Infostealer.Discord.C2 traffic detected | No Reference
150555 | MALWARE-CNC Questdown.Exfiltration.C2 traffic detected | No Reference
150556 | MALWARE-CNC Questdown.Exfiltration.C2 traffic detected | No Reference
150557 | MALWARE-CNC Questdown.Exfiltration.C2 traffic detected | No Reference
150558 | MALWARE-CNC UNC4027.C2.Beacon traffic detected | No Reference
150559 | MALWARE-CNC HAVANACRYPT.Data.Exfiltration traffic detected | No Reference
150560 | MALWARE-CNC UNC3443.Emotet.Dropper.Beacon traffic detected | No Reference
150561 | MALWARE-CNC URSNIF.C2.Communication variant traffic detected | No Reference
150562 | MALWARE-CNC URSNIF.C2.traffic detected | No Reference
150563 | MALWARE-CNC FIN8.Rumpunch.Check-in traffic detected | No Reference
150564 | MALWARE-CNC FIN8.Rumpunch.Check-in traffic detected | No Reference
150565 | MALWARE-CNC TurlaTeam.CRUTCHv3.DropboxUploadCall traffic detected | No Reference
150566 | MALWARE-CNC TurlaTeam.CRUTCHv3.DropboxListFolder traffic detected | No Reference
150567 | MALWARE-CNC TurlaTeam.CRUTCHv3.DropboxDownload traffic detected | No Reference
150568 | MALWARE-CNC TurlaTeam.CRUTCHv3.DropboxDeletev2 traffic detected | No Reference
150569 | MALWARE-CNC APT37.Slowdrift.Login traffic detected | No Reference
150570 | MALWARE-CNC Subtlelime.Beacon traffic detected | No Reference
160001 | FILE-PDF Adobe Acrobat out of bounds write attempt | CVE-2023-21606
160002 | FILE-PDF Adobe Acrobat out of bounds read attempt | CVE-2023-21613
160003 | FILE-PDF Adobe Acrobat out of bounds read attempt | CVE-2023-21614
160101 | FILE-PDF Adobe Acrobat integer overflow attempt | CVE-2023-21604
160102 | FILE-PDF Adobe Acrobat NULL Pointer Dereference attempt | CVE-2023-21586
160103 | FILE-PDF Adobe Acrobat Out-of-bounds Read attempt | CVE-2023-21585
160104 | FILE-PDF Adobe Acrobat Heap-based Buffer Overflow attempt | CVE-2023-21605
160105 | FILE-PDF Adobe Acrobat Improper Input Validation attempt | CVE-2023-21607
60459 | MALWARE-CNC Win.Malware.VSingle variant outbound connection | www.virustotal.com/gui/file/586f30907c3849c363145bfdcdabe3e2e4688cbd5688ff968e984b201b474730
60460 | MALWARE-CNC Win.Malware.VSingle variant outbound connection | www.virustotal.com/gui/file/586f30907c3849c363145bfdcdabe3e2e4688cbd5688ff968e984b201b474730
60461 | MALWARE-CNC Win.Malware.VSingle variant outbound connection | www.virustotal.com/gui/file/586f30907c3849c363145bfdcdabe3e2e4688cbd5688ff968e984b201b474730
60462 | MALWARE-CNC Win.Backdoor.YamaBot variant outbound connection | www.virustotal.com/gui/file/f226086b5959eb96bd30dec0ffcbf0f09186cd11721507f416f1c39901addafb
60463 | MALWARE-CNC Win.Backdoor.TigerRAT variant outbound connection | www.virustotal.com/gui/file/bffe910904efd1f69544daa9b72f2a70fb29f73c51070bde4ea563de862ce4b1
60464 | MALWARE-CNC Win.Backdoor.TigerRAT variant outbound connection | www.virustotal.com/gui/file/1f8dcfaebbcd7e71c2872e0ba2fc6db81d651cf654a21d33c78eae6662e62392
60465 | MALWARE-CNC Win.Backdoor.MagicRAT variant outbound connection | www.virustotal.com/gui/file/90fb0cd574155fd8667d20f97ac464eca67bdb6a8ee64184159362d45d79b6a4
60466 | MALWARE-CNC Win.Backdoor.MagicRAT variant outbound connection | www.virustotal.com/gui/file/8ce219552e235dcaf1c694be122d6339ed4ff8df70bf358cd165e6eb487ccfc5
60468 | BROWSER-CHROME Google Chrome V8 engine IterateElements out-of-bounds read attempt | CVE-2016-1646
60469 | MALWARE-OTHER Php.Webshell.CmdShell upload attempt | attack.mitre.org/techniques/T1505/003/
60470 | MALWARE-OTHER Php.Webshell.CmdShell download attempt | attack.mitre.org/techniques/T1505/003/
60471 | MALWARE-OTHER Php.Webshell.CmdShell outbound connection attempt | attack.mitre.org/techniques/T1505/003/
60479 | OS-WINDOWS Microsoft Windows Runtime remote code execution attempt | CVE-2022-21971
60483 | BROWSER-CHROME Google Chrome V8 JSON.stringify remote code execution attempt | CVE-2021-38003
60489 | MALWARE-OTHER PacketWhisper decloakify.py download attempt | No Reference
60491 | MALWARE-OTHER PacketWhisper cloakify.py download attempt | No Reference
60493 | MALWARE-OTHER PacketWhisper download attempt | No Reference
60494 | MALWARE-OTHER Php.Webshell.Exoshell upload attempt | attack.mitre.org/techniques/T1505/003/
60495 | MALWARE-OTHER Php.Webshell.Exoshell download attempt | attack.mitre.org/techniques/T1505/003/
60496 | MALWARE-CNC Php.Webshell.Exoshell inbound connection attempt | attack.mitre.org/techniques/T1505/003/
60497 | MALWARE-CNC Php.Webshell.Exoshell inbound connection attempt | attack.mitre.org/techniques/T1505/003/
60498 | MALWARE-CNC Php.Webshell.Exoshell outbound connection attempt | attack.mitre.org/techniques/T1505/003/
60503 | SERVER-WEBAPP Dojo Toolkit JavaScript prototype pollution attempt | CVE-2021-23450
60505 | OS-LINUX Sudo heap-based buffer overflow attempt | CVE-2021-3156
60506 | MALWARE-OTHER Php.Webshell.FTPSearch outbound connection attempt | attack.mitre.org/techniques/T1505/003/
60507 | MALWARE-CNC Win.Trojan.Matanbuchus payload download attempt | www.virustotal.com/gui/file/af356a39a298f6a48f8091afc2f2fc0639338b11813f4f4bd05aba4e65d2bbe3
60512 | MALWARE-OTHER Win.Trojan.Matanbuchus variant Cobalt Strike inbound connection | isc.sans.edu/diary/malspam+pushes+matanbuchus+malware%2c+leads+to+cobalt+strike/28752
60513 | MALWARE-OTHER Win.Trojan.Matanbuchus variant Cobalt Strike inbound connection | isc.sans.edu/diary/malspam+pushes+matanbuchus+malware%2c+leads+to+cobalt+strike/28752
60514 | MALWARE-CNC Unix.Backdoor.KeyPlug variant outbound connection | www.mandiant.com/resources/blog/apt41-us-state-governments
60515 | MALWARE-CNC Unix.Backdoor.KeyPlug variant outbound connection | www.mandiant.com/resources/blog/apt41-us-state-governments
60516 | MALWARE-CNC Win.Trojan.IcedID download attempt | No Reference
60517 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/ff7e8580ce6df5d5f5a2448b4646690a6f6d66b1db37f887b451665f4115d1a2/analysis/
60518 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/ff7e8580ce6df5d5f5a2448b4646690a6f6d66b1db37f887b451665f4115d1a2/analysis/
60519 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/ff7e8580ce6df5d5f5a2448b4646690a6f6d66b1db37f887b451665f4115d1a2/analysis/
60520 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/ff7e8580ce6df5d5f5a2448b4646690a6f6d66b1db37f887b451665f4115d1a2/analysis/
60521 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/be79d470c081975528c0736a0aa10214e10e182c8948bc4526138846512f19e7/analysis/
60522 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/a9916af0476243e6e0dbef9c45b955959772c4d18b7d1df583623e06414e53b7/analysis/
60523 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/8294815c2342ff11739aff5a55c993f5dd23c6c7caff2ee770e69e88a7c4cb6a/analysis/
60524 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/78c6b489ac6cebf846aab3687bbe64801fdf924f36f312802c6bb815ed6400ba/analysis/
60525 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/78c6b489ac6cebf846aab3687bbe64801fdf924f36f312802c6bb815ed6400ba/analysis/
60526 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/581ed090237b314a9f5cd65076cd876c229e1d51328a24effd9c8d812eaebe6a/analysis/
60527 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/5264e8a8571fe0ef689933b8bc2ebe46b985c9263b24ea34e306d54358380cbb/analysis/
60528 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/34bf1a232870df28809597d49a70d9b549d776e1e4beb3308ff6d169a59ecd02/analysis/
60529 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/1cb2d299508739ae85d655efd6470c7402327d799eb4b69974e2efdb9226e447/analysis/
60530 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/ff7e8580ce6df5d5f5a2448b4646690a6f6d66b1db37f887b451665f4115d1a2/analysis/
60531 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/be79d470c081975528c0736a0aa10214e10e182c8948bc4526138846512f19e7/analysis/
60532 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/a9916af0476243e6e0dbef9c45b955959772c4d18b7d1df583623e06414e53b7/analysis/
60533 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/8294815c2342ff11739aff5a55c993f5dd23c6c7caff2ee770e69e88a7c4cb6a/analysis/
60534 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/78c6b489ac6cebf846aab3687bbe64801fdf924f36f312802c6bb815ed6400ba/analysis/
60535 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/581ed090237b314a9f5cd65076cd876c229e1d51328a24effd9c8d812eaebe6a/analysis/
60536 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/5264e8a8571fe0ef689933b8bc2ebe46b985c9263b24ea34e306d54358380cbb/analysis/
60537 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/34bf1a232870df28809597d49a70d9b549d776e1e4beb3308ff6d169a59ecd02/analysis/
60538 | MALWARE-CNC Lnk.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/1cb2d299508739ae85d655efd6470c7402327d799eb4b69974e2efdb9226e447/analysis/
60539 | MALWARE-CNC Doc.Dropper.Gamaredon malicious download attempt | virustotal.com/en/file/4aa2c783ae3d2d58f12d5e89282069533a80a7ba6f7fe6c548c6230a9601e650/analysis/
60558 | OS-WINDOWS Windows Common Log File System driver escalation of privileges attempt | CVE-2022-35803
60569 | SERVER-WEBAPP QNAP Photo Station combine.php remote code execution attempt | CVE-2022-27593
60570 | MALWARE-TOOLS Win.Trojan.Amadey malware tools download attempt | www.virustotal.com/gui/file/02989f6664dd6098efe0d9717187cd57fd2ab9d7c1fc9fd8d49817aa81d80caa
60571 | MALWARE-TOOLS Win.Trojan.Amadey malware tools download attempt | www.virustotal.com/gui/file/02989f6664dd6098efe0d9717187cd57fd2ab9d7c1fc9fd8d49817aa81d80caa
60572 | MALWARE-TOOLS Win.Trojan.Amadey malware tools download attempt | www.virustotal.com/gui/file/02989f6664dd6098efe0d9717187cd57fd2ab9d7c1fc9fd8d49817aa81d80caa
60575 | OS-OTHER Apple OS X rootpipe privilege escalation attempt | CVE-2015-1130
60577 | OS-MOBILE GingerBreak escalation of privilege attempt | CVE-2011-1823
60579 | BROWSER-CHROME Google Chromium security bypass attempt | CVE-2021-30533
60582 | MALWARE-OTHER Perl.Webshell.GammaShell upload attempt | attack.mitre.org/techniques/T1505/003/
60583 | MALWARE-OTHER Perl.Webshell.GammaShell download attempt | attack.mitre.org/techniques/T1505/003/
60584 | MALWARE-CNC Perl.Webshell.GammaShell inbound connection attempt | attack.mitre.org/techniques/T1505/003/
60585 | MALWARE-CNC Perl.Webshell.GammaShell inbound connection attempt | attack.mitre.org/techniques/T1505/003/
60586 | MALWARE-CNC Perl.Webshell.GammaShell inbound connection attempt | attack.mitre.org/techniques/T1505/003/
60587 | MALWARE-CNC Perl.Webshell.GammaShell outbound connection attempt | attack.mitre.org/techniques/T1505/003/
60588 | MALWARE-OTHER Perl.Webshell.GoShell upload attempt | attack.mitre.org/techniques/T1505/003/
60589 | MALWARE-OTHER Php.Webshell.GoShell download attempt | attack.mitre.org/techniques/T1505/003/
60590 | MALWARE-CNC Perl.Webshell.GoShell inbound connection attempt | attack.mitre.org/techniques/T1505/003/
60591 | MALWARE-CNC Perl.Webshell.GoShell outbound connection attempt | attack.mitre.org/techniques/T1505/003/
60600 | MALWARE-TOOLS Win.Trojan.Mansabo Cobalt Strike download attempt | www.virustotal.com/gui/file/c6a948be6c714e8dcce8f0fc9c2dce8b3d1f22fee9246089dbbbe1046aed8c03
60603 | OS-MOBILE Mali GPU memory alias privilege escalation attempt | CVE-2022-20186
60614 | OS-WINDOWS Windows DACL privilege escalation attempt | CVE-2019-0841
60622 | MALWARE-TOOLS Win.Trojan.LockBit variant binary download attempt | www.bleepingcomputer.com/news/security/lockbit-ransomware-builder-leaked-online-by-angry-developer-/
60626 | OS-OTHER Apple Mac iOS IOKit keyboard driver privilege escalation attempt | CVE-2014-4404
60637 | MALWARE-OTHER MultiOS.Backdoor.antSword inbound connection attempt | msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
60638 | MALWARE-CNC Win.Backdoor.Agent inbound connection attempt | msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
60639 | MALWARE-CNC Win.Backdoor.Agent inbound connection attempt | msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
60640 | MALWARE-OTHER MultiOS.Backdoor.Agent implant attempt | msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
60641 | MALWARE-CNC MultiOS.Backdoor.Agent inbound connection attempt | msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
60644 | OS-LINUX Linux kernel route4_change use after free attempt | CVE-2022-2588
60648 | BROWSER-CHROME Chrome IPC memory dump attempt | CVE-2021-37976
60666 | OS-MOBILE Android ACDB driver ioctl overflow attempt | CVE-2013-2597
60669 | OS-WINDOWS Virtual Box kernel address tampering attempt | CVE-2008-3431
60682 | OS-MOBILE Android sk_buff use-after-free attempt | CVE-2021-0920
60684 | BROWSER-WEBKIT Apple Safari WebCore command cross site scripting attempt | CVE-2019-8720
60697 | SERVER-WEBAPP VICIdial user_stats.php SQL injection attempt | CVE-2022-34878
60703 | BROWSER-IE Microsoft Internet Explorer EPM MOTWCreateFileW file access bypass attempt | CVE-2014-2817
61061 | OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt | CVE-2023-21552
61063 | OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt | CVE-2023-21674
61065 | OS-WINDOWS Microsoft Windows AFD.sys privilege escalation attempt | CVE-2023-21768
Signatures Removed

The following signatures were removed due to false positives (FP):

  • 40062
  • 48577
  • 25530
  • 58701
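Two operational follow-ups come out of a release like this one: added signatures that carry a CVE reference should be cross-checked against patch status for the affected products, and any local suppression or rate-limit that was tuned against a signature now removed for false positives is dead configuration that should be cleaned up. The Python helpers below are an added example, not the vendor's code. They parse rows written in the "SID | Description | Reference" form of the table above (the sample rows are copied from that table), extract CVE identifiers, and flag tuning entries that reference removed SIDs. The local tuning file is assumed to use Snort threshold.conf syntax (suppress / event_filter lines with a sig_id); that format and the sample tuning lines are constructed for the example and are not stated by this release note.

```python
"""Triage helpers for an IPS content release note (added example, not vendor code)."""
import re
from collections import Counter

# Sample rows copied from the release-note table above, in "SID | Description | Reference" form.
ADDED_ROWS = """\
150188 | MALWARE-CNC github.Bloodhound.Download traffic detected | No Reference
160001 | FILE-PDF Adobe Acrobat out of bounds write attempt | CVE-2023-21606
60505 | OS-LINUX Sudo heap-based buffer overflow attempt | CVE-2021-3156
60469 | MALWARE-OTHER Php.Webshell.CmdShell upload attempt | attack.mitre.org/techniques/T1505/003/
61065 | OS-WINDOWS Microsoft Windows AFD.sys privilege escalation attempt | CVE-2023-21768
"""

# SIDs listed under "Signatures Removed" in this release.
REMOVED_SIDS = {40062, 48577, 25530, 58701}

# Constructed local tuning file. Snort threshold.conf syntax is an assumption
# for this example; the release note does not say how local tuning is stored.
LOCAL_TUNING = """\
# site tuning
suppress gen_id 1, sig_id 40062
suppress gen_id 1, sig_id 60505, track by_src, ip 10.0.0.0/8
event_filter gen_id 1, sig_id 58701, type limit, track by_src, count 1, seconds 60
suppress gen_id 1, sig_id 12345
"""

# SID, then the upper-case category token that opens every description, then the reference.
ROW_RE = re.compile(r"^\s*(\d+)\s*\|\s*([A-Z][A-Z0-9-]*)\s+(.*?)\s*\|\s*(.*?)\s*$")
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")
SID_RE = re.compile(r"\bsig_id\s+(\d+)")


def parse_rows(text):
    """Parse 'SID | CATEGORY description | reference' rows; skip lines that do not match."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        sid, category, desc, ref = m.groups()
        rows.append({"sid": int(sid), "category": category,
                     "description": desc, "reference": ref})
    return rows


def totals_match(rows, stated_total):
    """Sanity check: does the parsed row count agree with the summary count?"""
    return len(rows) == stated_total


def category_counts(rows):
    """Count signatures per rule category (MALWARE-CNC, FILE-PDF, ...)."""
    return Counter(r["category"] for r in rows)


def cve_references(rows):
    """Map CVE id -> sorted list of SIDs citing it, for patch-status cross-checks."""
    out = {}
    for r in rows:
        for cve in CVE_RE.findall(r["reference"]):
            out.setdefault(cve, []).append(r["sid"])
    return {cve: sorted(sids) for cve, sids in out.items()}


def stale_tuning(tuning_text, removed_sids):
    """Return (line_no, sid) for tuning lines whose sig_id is a removed signature."""
    hits = []
    for n, line in enumerate(tuning_text.splitlines(), 1):
        m = SID_RE.search(line)
        if m and int(m.group(1)) in removed_sids:
            hits.append((n, int(m.group(1))))
    return hits


if __name__ == "__main__":
    rows = parse_rows(ADDED_ROWS)
    print("rows parsed:", len(rows), "counts ok:", totals_match(rows, 5))
    print("by category:", dict(category_counts(rows)))
    print("CVE references:", cve_references(rows))
    print("stale tuning entries:", stale_tuning(LOCAL_TUNING, REMOVED_SIDS))
```

Run against the full table, the CVE map gives a short list of products (Acrobat, sudo, Windows kernel components, Chrome, QNAP, VICIdial) to check for patch coverage, and the stale-tuning report points at suppressions that can be deleted now that the vendor has pulled the signature.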